CVE-2025-53101

Published: Jul 14, 2025

Modified: Nov 3, 2025

PUBLISHED

CVSS v3.1

7.4

HIGH

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal pointer arithmetic to generate an address below the beginning of the stack buffer, resulting in a stack overflow through `vsnprintf()`. Versions 7.1.2-0 and 6.9.13-26 fix the issue.

Vendor	Product	Versions
ImageMagick	ImageMagick	affected `< 7.1.2-0` affected `< 6.9.13-26`

Weaknesses (CWE)

CWE-124

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

References

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9

x_refsource_CONFIRM

https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-53101

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References